b" Spotlight\n Department of Homeland Security\n\nOf\xef\xac\x81ce of Inspector General                                                                                  September 2012 OIG-12-115\n\n\n\n(U) Review of DHS' Information Security Program\nfor Intelligence Systems for Fiscal Year 2012\n\nUnclassified Summary\nWe reviewed the Department of Homeland Security\xe2\x80\x99s (DHS) enterprise-wide security program and practices for Top\nSecret/Sensitive Compartmented Information intelligence systems. Pursuant to the Federal Information Security Management Act,\nwe reviewed the department\xe2\x80\x99s security management, implementation, and evaluation of its intelligence activities, including its\npolicies, procedures, and system security controls for enterprise-wide intelligence systems. In doing so, we assessed the\ndepartment\xe2\x80\x99s continuous monitoring, configuration management, identity and access management, incident response and reporting,\nrisk management, security training, plans of actions and milestones, contingency planning, security capital planning, and systems\ninventory.\n\nSince the fiscal year 2011 evaluation, the Office of Intelligence and Analysis (I&A) has improved its oversight of department-wide\nsystems and established programs to monitor ongoing security practices. I&A has developed and implemented a training program to\neducate DHS\xe2\x80\x99 growing number of personnel assigned security duties on intelligence systems. In addition, progress has been made in\ncollaboration with other DHS components in centralizing plans and priorities for mitigating security weaknesses, streamlining\nsystem configuration management, and maintaining a systems inventory. However, we identified deficiencies in the areas of system\nauthorization, supply chain threats, and security capital planning. Fieldwork was conducted from April through July 2012.\n\n\n\n\nFor Further Information:\nContact our Office of Public Affairs at (202)254-4100, or email us at DHS-OIG.OfficePublicAffairs@oig.dhs.gov\n\x0c"